Mask HTML output in _wp_dashboard_recent_comments_row()

Description

Problem:
In _wp_dashboard_recent_comments_row(), dashboard.php, the post_title of a post is printed as in the database. HTML special characters are not masked.

This is not a security problem by itself, but it can facilate XSS exploits. For example, if an attacker manages to insert JavaScript into a post's title and leaves a comment for this post, then as soon as an admin loads the dashboard, the JavaScript is executed. (I did not make this up; this is a scenario with a vulnerable plugin, for which I was able to create a PoC exploit.)

Luckily, with WP 2.7+ and PHP 5.2+, the auth cookies are HttpOnly. But they aren't on older setups, and there are enough other nasty XSS attacks (e.g. in conjunction with Social Engineering), which can make this potentially dangerous.